How Too Perform An AML Compliant Token Sale - TAG Consultancy
by Liz Seyi Digital marketing managerBackground to an AML compliant token sale
There
is a global move towards the regulation of virtual assets (“VA’s”)
and Virtual Asset Service Providers (“VASP’s”) under the
Financial Action task Force (“FATF”). Included in this category
are the issuance of token sales, at which Gibraltar is at the forefront.
Entities
issuing token sales are, or will be, subject to supervision or monitoring by
competent national authorities. In Gibraltar, this is the Gibraltar Financial
Services Commission (“GFSC”).
As
part of this process, the Proceeds of Crime Act (“POCA”) 2015,
was amended on 23rd July 2021, to also include VASP’s.
Below
we will aim to describe the requirements of a fully AML compliant token sale from Gibraltar, though the processes would not differ
significantly from jurisdiction to jurisdiction.
What is a token sale
Specifically,
the POCA
2015 (page 55) captures the following:
“undertakings
that receive, whether on their own account or on behalf of another person,
proceeds in any form from the sale of tokenised digital assets involving the
use of DLT or a similar means of recording a digital representation of an
asset”.
Conducting an AML Compliant Token sale
1. Type of token sale
Consideration
will be required on whether to perform any of, or a combination of the
following:
(1)
Private sale
(2)
Public sale
The
workload, processes, procedures and overall risk profile will vary
significantly depending on the type of token sale being conducted.
2. Key documentation
A
business risk assessment will need to be conducted in order to assess the
AML/CFT risks associated with the business operations.
In
addition to this, policies and procedures will need to be drafted for AML/CFT
as defined in Section 26A of POCA.
Finally,
a compliance report will need to be completed.
3. Due Diligence
The
type of due diligence will be driven by the risk profile of the token
purchaser, with consideration required on the 4 risk categories as follows:
- Customer Risk
- Interface Risk
- Country Risk
- Product Risk
The
Due diligence information for consideration will always be:
- Proof of ID
- Proof of address
- Source of wealth and source of
funds
4. Systems and software for collection of data
It
is common to use systems and software for the purposes of gathering and storing
KYC and Due Diligence information. These are sometimes done using simple forms,
such as Google sheets, or software when there are large volume of data to
review.
In any instance, it must be fit for purpose, secure and safe.
5. Wallet screening
Due
to the transparent nature of blockchains, it is possible to employ wallet
screening checks as part of the process, in order to track the origin of funds
and ensure that it is not originating from a malicious source. Wallet screening
is generally performed by using a third party software provider and the
parameters can generally be tailored to be more/less sensitive, depending on
the risk appetite of the firm.
6. Reconciliation & Reporting
Reconciliation
of data will be required between the systems, software and blockchain, for the
purposes of receiving the funds, but also for the token distribution process.
By performing these processes appropriately, reporting to Management can be
done on a timely basis for the necessary decision making.
7. Resources (financial & non-financial)
In
order to be able to appropriately perform these duties, it is necessary to know
how many personnel will be required, to cover the areas of compliance, finance
and customer service.
For this reason, the right levels of funding and financial resources will need
to be understood and modelled prior to the start of the token sale process.
8. A money laundering reporting officer (“MLRO”)
Section
26 of the Proceeds of Crime Act 2015 (“POCA”) imposes a requirement on every
relevant financial business under legislation to maintain policies and
procedures to prevent money laundering, the responsibility for creating the
framework is with the Senior Management of the firm and they will appoint a
MLRO.
The
MLRO is the Compliance professional responsible for the oversight of the firm’s
anti-money laundering activities and is the key person in the implementation of
the anti-money laundering strategy of the firm.
The
MLRO needs to be senior, to be free to act on their own authority and be informed
of any relevant knowledge or suspicion in the firm.
9. Record keeping
The
requirement to keep records is for a period of 5 years after completion of the
transaction. Therefore, it is critical to have an appropriate storage and
filing system in order to be in compliance with legislation and any other AML
requirements.
In this manner, should a regulator or other similar entity wish to review
records, they would be readily available on demand.
10. Others
Due
to the infant nature of the DLT space in general, this is attractive to money
launderers, criminals and fraudsters. There are certain types of trigger events
which will need to be monitored throughout the process.
Questions to ask yourself and closing remarks
Are
you looking to conduct an AML
compliant Token sale and are
you aware of the key benefits of doing so?
Have
you come to the conclusion that Gibraltar is the appropriate jurisdiction to
perform your token sale from?
The
Team at TAG Consultancy have
assisted entities in conducting fully compliant AML token sales and would be
happy to assist you with the entire process from start to end.
Get in
touch with us here to find out more!
Sponsor Ads
Created on Apr 11th 2022 06:58. Viewed 73 times.